Global Sources
EE Times-India
 
EE Times-India > EDA/IP
 
 
EDA/IP  

Connected cars can't hold a candle to hackers, survey says

Posted: 26 Oct 2015     Print Version  Bookmark and Share

Keywords:Ponemon Institute  connected car  hacker  software 

According to the report, "Surprisingly, 43 per cent felt that white hat hackers should be subject to the Digital Millennium Copyright Act (DMCA), which means hackers could be potentially arrested for experimenting on automotive application code." Further, of the 42 per cent that believe white hat hackers shouldn't be subject to the DMCA, 54 per cent of respondents said these hackers shouldn't be encouraged to test car software.

History

Defenders of the industry might note that it's been only several years since carmakers were made aware of the need for cybersecurity.

The threat of remote wireless connection that can compromise cars was first discussed in 2011 paper, written by researchers at the University of Washington and the University of California at San Diego.

Some engineers working in the automotive industry took that seminal paper to heart. They found it an early warning signal for the coming era of connected cars. Others in the auto industry, however, argued that hacking a car without physically getting inside a car was virtually impossible. They also cited the lack of business models for making money on car hacking as a reason why they don't think this would become a widespread problem.

Over the last several years, carmakers in general chose complacency over action. Among their reasons for this complacency were: "it can't happen here," "too much effort for too little reward," and "no known actual breaches," observed Egil Juliussen, director research & principal analyst at IHS Automotive.

The automotive industry's behaviour has not changed. One example is the Markey Report, released earlier this year.

In 2014, when Massachusetts Senator Edward Markey sent a letter to 20 automakers inquiring about their vehicles' security and privacy measures, car companies acknowledged that nearly 100 per cent of their vehicles on the market today include some sort of wireless connection.

But only seven companies said they used third-party testing to check their vehicles' security. Five said they don't, and four ignored the question. Markey's office revealed all these "inconsistent and haphazard" responses from the automakers in his report.

Connect car vulnerabilities emerge

By this summer, though, several celebrated hacking incidents had emerged. These include the vulnerabilities found in Chrysler Jeeps, which resulted in Chrysler's recall of 1.4 million vehicles, and a flaw in General Motors' OnStar RemoteLink system, through which a hacker found a way to remotely unlock doors and start engines. These incidents contradicted carmakers' arguments that such incidents are "unlikely scenarios" and "scare mongering."

IHS Automotive analyst Juliussen stated that successful auto hacking still "requires lots of time and expertise." That's the good news, he said. But the bad news is that "good hacking tools and expertise are expected in three to five years."

He also observed that the auto industry is investing in cyber-security solutions. Ponemon also agreed. The report said, "It is important to recognise that, based on our research, companies are not simply sitting back and ignoring the problem."

However, the issue, as Juliussen pointed out, is that "deployment is lagging, and may take a decade to catch up."

Ponemon similarly concluded that the key will be for the automakers to start using the proven and tested best practices [in developing software] and to "provide their engineers with processes and tools that address security throughout the software development life cycle."

- Junko Yoshida
  EE Times


 First Page Previous Page 1 • 2



Comment on "Connected cars can't hold a candle t..."
Comments:  
*  You can enter [0] more charecters.
*Verify code:
 
 
Webinars

Seminars

Visit Asia Webinars to learn about the latest in technology and get practical design tips.

 

Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

 
Back to Top